lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <04F92BA33955D51195B700508B4AB6E916441FF0@dslak12.dnznet.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: Re: Microsoft Coding / National Security Ri
	sk

 
> also sprach Richard Hatch <r.hatch@...s.qinetiq.com> 
> [2004.03.24.1110 +0100]:
> > Take a team of really really good C/C++ coders with 
> excellent security 
> > vulnerability knowledge and have them go through the source 
> code for 
> > windows (starting with the core functionality and internet facing 
> > functionality maybe).  Find these bugs (including 
> methodical black-box 
> > testing against the binaries) and fix them.
> 
> You will have a hard time, given the patched OS that Windoze is.
> Where design is flawed you can't add security.

Seems to me that common consensus is that the Windows design is actually
relatively good - it is the implementation that is the problem.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ